Slashdot Mirror
Is Cyber Arms Control a Lost Cause?
Nicola Hahn writes In light of a classified document regarding state-sponsored cyber ops, the editorial board at the New York Times has suggested that the most constructive approach to reducing the spread of cyber threats would be to "accelerate international efforts to negotiate limits on the cyberarms race, akin to the arms-control treaties of the Cold War."
While such advice is by all means well-intentioned there are significant differences between nuclear weapons and malware that would make treaty verification problematic. Not to mention that the history of the Cold War itself illustrates that certain countries viewed arms control treaties as an opportunity to secretly race ahead with their own covert weapons programs. Rather than take on the Sisyphean task of trying to limit the development of offensive cyber technology, why not shift national priorities towards creating robust, fault-tolerant, systems that render offensive tools ineffective?
While such advice is by all means well-intentioned there are significant differences between nuclear weapons and malware that would make treaty verification problematic. Not to mention that the history of the Cold War itself illustrates that certain countries viewed arms control treaties as an opportunity to secretly race ahead with their own covert weapons programs. Rather than take on the Sisyphean task of trying to limit the development of offensive cyber technology, why not shift national priorities towards creating robust, fault-tolerant, systems that render offensive tools ineffective?
... it's the human beings behind them.
We really need to look at the human beings and fix their flawed perceptions and psyche instead.
I really want cyber arms.
But not if I can't control them.
That would be embarrassing.
My old sig was REALLY stoopid.
In reply to: why not shift national priorities towards creating robust, fault-tolerant, systems that render offensive tools ineffective?
Because then it would be more difficult for the NSA to spy on us?
Next question?
If it is Cyber Arms then we are allowed then under the 2nd amendment
Bad idea. That would interfere with domestic spying priorities.
Well-intentioned, but still wrong — even in the case of nuclear weapons. For all the treaties, both USA and USSR retained enough nukes to destroy each other (and, probably, the rest of the planet) many times over — officially.
Unofficially it put the US, where the government is (somewhat) accountable to citizens, at a disadvantage — we had to abide by the agreements, while the rulers of USSR — unafraid of inquisitive lawmakers and "nosy" journalists — did not.
Cyber-weapons are even worse in this regard, because their use and development can be delegated to a nominally private organization or even a person — the way Russia's propaganda war is already delegated too.
In Soviet Washington the swamp drains you.
Yes, let's control something that requires only a computer and an internet connection to make, and can be essentially untraceable. It will work. Trust me.
a long time ago in a galaxy far, far away....
In traditional warfare, which often relies on kinetic weapons, its pretty straightforward to trace the trajectory of a weapon back to where it was deployed
why not shift national priorities towards creating robust, fault-tolerant, systems that render offensive tools ineffective?
Defense is more expensive and takes longer to develop because it is only as strong as the weakest link. You have to make sure the entire perimeter is secure by eliminating as many holes as you can.
On the offensive side, you only need to find one hole. As a consequence, offense is relatively cheap and the costs are typically associated with the initial R&D. After the initial R&D, cyber weapons can be replicated with virtually zero-cost.
As I wrote here: http://www.pdfernhout.net/reco... ...
" Military robots like drones are ironic because they are created essentially to force humans to work like robots in an industrialized social order. Why not just create industrial robots to do the work instead?
Nuclear weapons are ironic because they are about using space age systems to fight over oil and land. Why not just use advanced materials as found in nuclear missiles to make renewable energy sources (like windmills or solar panels) to replace oil, or why not use rocketry to move into space by building space habitats for more land?
Biological weapons like genetically-engineered plagues are ironic because they are about using advanced life-altering biotechnology to fight over which old-fashioned humans get to occupy the planet. Why not just use advanced biotech to let people pick their skin color, or to create living arkologies and agricultural abundance for everyone everywhere?
These militaristic socio-economic ironies would be hilarious if they were not so deadly serious. Here is some dark humor I wrote on the topic: A post-scarcity "Downfall" parody remix of the bunker scene. See also a little ironic story I wrote on trying to talk the USA out of collective suicide because it feels "Burdened by Bags of Sand". Or this YouTube video I put together: The Richest Man in the World: A parable about structural unemployment and a basic income.
Likewise, even United States three-letter agencies like the NSA and the CIA, as well as their foreign counterparts, are becoming ironic institutions in many ways. Despite probably having more computing power per square foot than any other place in the world, they seem not to have thought much about the implications of all that computer power and organized information to transform the world into a place of abundance for all. Cheap computing makes possible just about cheap everything else, as does the ability to make better designs through shared computing. I discuss that at length here: http://www.pdfernhout.net/post...
There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a scarcity-based approach to using such technology ultimately is just making us all insecure. Such powerful technologies of abundance, designed, organized, and used from a mindset of scarcity could well ironically doom us all whether through military robots, nukes, plagues, propaganda, or whatever else... Or alternatively, as Bucky Fuller and others have suggested, we could use such technologies to build a world that is abundant and secure for all.
The big problem is that all these new war machines and the surrounding infrastructure are created with the tools of abundance. The irony is that these tools of abundance are being wielded by people still obsessed with fighting over scarcity. So, the scarcity-based political mindset driving the military uses the technologies of abundance to create artificial scarcity. That is a tremendously deep irony that remains so far unappreciated by the mainstream.
We the people need to redefine security in a sustainable and resilient way. Much current US military doctrine is based around unilateral security ("I'm safe because you are nervous") and extrinsic security ("I'm safe despite long supply lines because I have a bunch of soldiers to defend them"), which both lead to expensive arms races. We need as a society to move to other paradigms like Morton Deutsch's mutual security ("We're all looking out for each other's s
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
if people attack anything that is known to be vulnerable then we actually might get some decent software security! putting our heads in the ground isn't going to solve the fundamental issue that we have wildly insecure systems.
Anons need not reply. Questions end with a question mark.
One of the biggest differences between the two types of warfare is that attribution is non-trivial in cyber.
Agreed. Another point is that unlike nuclear weapons, cyber weapons can easily be developed and used by non-state players such as terrorists and criminals. (We've seen quite a lot of the latter.) In contrast, one of the saving graces of nuclear weapons has always been that you can't build them in your garage. Therefore, even if a cyber warfare treaty is created and adhered to faithfully by all nations involved, the problem isn't solved. And the smaller nations that haven't even signed the treaty have a relatively low barrier to entry.
Cyber weapons from nations are different from similar "weapons" from non-nations only in terms of the resources available to create them, that is, their level of sophistication. Therefore, if treaties really worked, they would limit only the sophistication of the malware. So, it seems to me that the only thing that can be done is to employ the best possible defensive measures - and expect them to fail on occasion. That's pretty-much what most of us now do at home and work anyway.
In my own case, I recently uninstalled Kaspersky from all my computers, since it's based in Moscow, which is the capital of a country which is increasingly at odds with the US, where I live. I did that after a Russian-born friend of mine told me that he wouldn't have Kaspersky on his computer. But as sophisticated as Kaspersky is, I have no way to be sure they didn't leave something juicy behind in case Mr. Putin later wants to put the hurt on us. Of course, one could argue that the anti-virus software I replaced it with also could be used as an attack vector, but at least its parent company is based in my own country.
Cyber bans would be a good thing. Making sure these crimes are cleaned up will go along way for a safer cyber-space.
The only people that CAN be interested in offensive capabilties are small communities (activists, terrorists, freedom fighters, whistleblowers), because they themselves are not vulnerable.
Any nation state on the other hand MUST be concerned about closing each and any vulnerability, because it puts them at risk. If it doesn't put the secret agency at risk, it will at least put their allies at risk: All the other branches of government, and companies deemed highly important for the running of the country (power, water, telecommunications).
So it's UTTER STUPIDITY to have bodies within your government working on "offensive capabilities". They are in fact WORKING AGAINST YOU.
The difficulty is probably to get the governments to realize this; but then, the problem is basically solved.
"The more prohibitions there are, The poorer the people will be" -- Lao Tse
'the editorial board at the New York Times has suggested that the most constructive approach to reducing the spread of cyber threats would be to "accelerate international efforts to negotiate limits on the cyberarms race, akin to the arms-control treaties of the Cold War."'
I would have thought the solution is to built 'computer' that can't so easily be hacked. DDOD attacks only being feasable because of all those hacked Windows desktops out there in cyberspace.
IRAN -- Current Topics, Interaction with GCHQ
" Iranian Cyber Attacks: Iran continues to conduct didtribituted denial-of-service (DDOS) attacks against numerous U.S. financial institutions and is currently in the third phase of a series of such attacks that began in August 2012."
Legal, this wouldn't be so ugly.
Do these guys remember that Mitnick got 50 life sentences with no outside contact?
Imagine all the NSA, protecting Personal Computers Toodaaayyyy.... oh oh oh...
John Lenno(i)n
Second Joke: Remember Independance Day , the film where Aliens blow up the white house? And are stopped by a basic computer virus? They're frikken OSS utopianists! With laser beams!
I can't even control my meat arms when I',m sober.
Human Rights, Article 12: Freedom from Interference with Privacy, Family, Home and Correspondence